CPSC 467b: Cryptography and Computer Security
1 CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 7 February 5, 2013 CPSC 467b, Lecture 7 1/45
2 Stream cipher from block cipher; Review of OFB and CFB chaining modes; Extending chaining modes to bytes; Active adversary attacks; Steganography; Public-key cryptography; RSA; Some number theory; Factoring Assumption; Computing with Big Numbers
3 Stream cipher from block cipher
4 Review of OFB and CFB chaining modes: Output Feedback Mode (OFB)
Similar to a one-time pad, but the keystream is generated from the previous block keys using $E_k$.
To encrypt, Alice computes a stream of block keys $k_1, k_2, \ldots$, where $k_i = E_k(k_{i-1})$ and $k_0$ is a fixed initial vector (IV). The block keys are XORed with successive plaintext blocks. That is, $c_i = m_i \oplus k_i$.
To decrypt, Bob applies exactly the same method to the ciphertext to get the plaintext. That is, $m_i = c_i \oplus k_i$, where $k_i = E_k(k_{i-1})$ and $k_0 = \mathrm{IV}$.
5 Review of OFB and CFB chaining modes: Cipher-Feedback Mode (CFB)
Similar to OFB, but the keystream is generated from the previous ciphertext blocks using $E_k$.
To encrypt, Alice computes a stream of block keys $k_1, k_2, \ldots$, where $k_i = E_k(c_{i-1})$ and $c_0$ is a fixed initial vector (IV). The block keys are XORed with successive plaintext blocks, just as in OFB. That is, $c_i = m_i \oplus k_i$.
To decrypt, Bob applies exactly the same method to the ciphertext to get the plaintext. That is, $m_i = c_i \oplus k_i$, where $k_i = E_k(c_{i-1})$ and $c_0 = \mathrm{IV}$.
6 Extending chaining modes to bytes: Stream ciphers from OFB and CFB block ciphers
OFB and CFB block modes can be turned into stream ciphers. Both compute $c_i = m_i \oplus k_i$, where
- $k_i = E_k(k_{i-1})$ (for OFB);
- $k_i = E_k(c_{i-1})$ (for CFB).
Assume a block size of $b$ bytes numbered $0, \ldots, b-1$. Then $c_{i,j} = m_{i,j} \oplus k_{i,j}$, so each output byte $c_{i,j}$ can be computed before knowing $m_{i,j'}$ for $j' > j$; there is no need to wait for all of $m_i$.
One must keep track of $j$. When $j = b$, the current block is finished, $i$ must be incremented, $j$ must be reset to 0, and $k_{i+1}$ must be computed.
7 Extending chaining modes to bytes: Extended OFB and CFB modes
Simpler (for hardware implementation) and more uniform stream ciphers result by also computing $k_i$ a byte at a time.
The idea: Use a shift register $X$ to accumulate the feedback bits from previous stages of encryption so that the full-sized blocks needed by the block chaining method are available.
$X$ is initialized to some public initialization vector.
8 Extending chaining modes to bytes: Some notation
Assume block size $b = 16$ bytes. Define two operations $L$ and $R$ on blocks:
- $L(x)$ is the leftmost byte of $x$;
- $R(x)$ is the rightmost $b-1$ bytes of $x$.
9 Extending chaining modes to bytes: Extended OFB and CFB similarities
The extended versions of OFB and CFB are very similar. Both maintain a one-block shift register $X$.
The shift register value $X_s$ at stage $s$ depends only on $c_1, \ldots, c_{s-1}$ (which are now single bytes) and the master key $k$.
At stage $s$, Alice
- computes $X_s$ according to the Extended OFB or Extended CFB rules;
- computes the byte key $k_s = L(E_k(X_s))$;
- encrypts message byte $m_s$ as $c_s = m_s \oplus k_s$.
Bob decrypts similarly.
10 Extending chaining modes to bytes: Shift register rules
The two modes differ in how they update the shift register.
- Extended OFB mode: $X_s = R(X_{s-1}) \,\|\, k_{s-1}$
- Extended CFB mode: $X_s = R(X_{s-1}) \,\|\, c_{s-1}$
($\|$ denotes concatenation.)
Summary: Extended OFB keeps the most recent $b$ key bytes in $X$. Extended CFB keeps the most recent $b$ ciphertext bytes in $X$.
11 Extending chaining modes to bytes: Comparison of extended OFB and CFB modes
The differences seem minor, but they have profound implications on the resulting cryptosystem.
In eOFB mode, $X_s$ depends only on $s$ and the master key $k$ (and the initialization vector IV), so loss of a ciphertext byte causes loss of only the corresponding plaintext byte.
In eCFB mode, loss of ciphertext byte $c_s$ causes $m_s$ and all succeeding message bytes to become undecipherable until $c_s$ is shifted off the end of $X$. Thus, $b$ message bytes are lost.
12 Extending chaining modes to bytes: Downside of extended OFB
The downside of eOFB is that security is lost if the same master key is used twice for different messages. CFB does not suffer from this problem since different messages lead to different ciphertexts and hence different keystreams.
Nevertheless, eCFB has the undesirable property that the keystreams are the same up to and including the first byte in which the two message streams differ.
This enables Eve to determine the length of the common prefix of the two message streams and also to determine the XOR of the first bytes at which they differ.
13 Extending chaining modes to bytes: Possible solution
Possible solution to both problems: Use a different initialization vector for each message. Prefix the ciphertext with the (unencrypted) IV so Bob can still decrypt.
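An added example, not part of the lecture: the extended OFB and CFB rules from slides 9 and 10 in Python, with the error-propagation behaviour of slide 11, the shared-IV leak of slide 12, and the fresh-IV fix of slide 13. The block cipher E_k is replaced by a keyed BLAKE2b hash truncated to one block (an assumption; the modes only call E_k in the forward direction), and all function names are this example's own.

```python
import hashlib
import os

B = 16  # block size b in bytes, as on the slides


def E(k: bytes, x: bytes) -> bytes:
    """Stand-in for E_k (assumption of this example): keyed BLAKE2b, b bytes out.
    The feedback modes never invert E_k, so a keyed one-way function suffices here."""
    return hashlib.blake2b(x, key=k, digest_size=B).digest()


def crypt(mode: str, k: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Extended OFB ("eofb") or extended CFB ("ecfb"), one byte per stage."""
    if mode not in ("eofb", "ecfb") or len(iv) != B:
        raise ValueError("mode must be eofb or ecfb, and the IV must be one block")
    X, out = iv, bytearray()            # X is the shift register, initialised to the IV
    for byte in data:
        ks = E(k, X)[0]                 # k_s = L(E_k(X_s))
        out.append(byte ^ ks)           # c_s = m_s XOR k_s  (or m_s = c_s XOR k_s)
        c = byte if decrypt else out[-1]            # ciphertext byte of this stage
        feedback = ks if mode == "eofb" else c
        X = X[1:] + bytes([feedback])   # next X = R(X) || feedback byte
    return bytes(out)


def damaged_positions(mode, k, iv, msg, s):
    """Garble ciphertext byte s in transit; return the plaintext positions Bob gets wrong."""
    c = bytearray(crypt(mode, k, iv, msg))
    c[s] ^= 0x01
    got = crypt(mode, k, iv, bytes(c), decrypt=True)
    return [i for i, (a, b) in enumerate(zip(msg, got)) if a != b]


def shared_iv_leak(mode, k, iv, m1, m2):
    """What two ciphertexts made with the same (k, IV) reveal without the key:
    the first position where they differ, and their byte-wise XOR."""
    c1, c2 = crypt(mode, k, iv, m1), crypt(mode, k, iv, m2)
    diff = bytes(a ^ b for a, b in zip(c1, c2))
    first = next((i for i, d in enumerate(diff) if d), None)
    return first, diff


def send(k: bytes, msg: bytes, mode: str = "ecfb") -> bytes:
    """Slide 13: fresh random IV per message, sent unencrypted in front of the ciphertext."""
    iv = os.urandom(B)
    return iv + crypt(mode, k, iv, msg)


def receive(k: bytes, wire: bytes, mode: str = "ecfb") -> bytes:
    return crypt(mode, k, wire[:B], wire[B:], decrypt=True)
```

With a shared IV, the XOR of two eOFB ciphertexts equals the XOR of the two plaintexts over their whole length, while eCFB reveals the common-prefix length and the XOR at the first differing byte; `send` removes both observations by never repeating the IV.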
14 Active adversary attacks
15 Active adversary
Recall from lecture 3 the active adversary Mallory, who has the power to modify messages and generate his own messages as well as eavesdrop.
Alice sends $c = E_k(m)$, but Bob may receive a corrupted or forged $c' \neq c$.
How does Bob know that the message he receives really was sent by Alice?
The naive answer is that Bob computes $m' = D_k(c')$, and if $m'$ looks like a valid message, then Bob accepts it as having come from Alice.
The reasoning here is that Mallory, not knowing $k$, could not possibly have produced a valid-looking message. For any particular cipher such as DES, that assumption may or may not be valid.
16 Some active attacks
Three successively weaker (and therefore easier) active attacks in which Mallory might produce fraudulent messages:
1. Produce valid $c' = E_k(m')$ for a message $m'$ of his choosing.
2. Produce valid $c' = E_k(m')$ for a message $m'$ that he cannot choose and perhaps does not even know.
3. Alter a valid $c = E_k(m)$ to produce a new valid $c'$ that corresponds to an altered message $m'$ of the true message $m$.
Attack (1) requires computing $c = E_k(m)$ without knowing $k$. This is similar to Eve's ciphertext-only passive attack where she tries to compute $m = D_k(c)$ without knowing $k$. It's conceivable that one attack is possible but not the other.
17 Replay attacks
One form of attack (2) clearly is possible. In a replay attack, Mallory substitutes a legitimate old encrypted message $c'$ for the current message $c$.
It can be thwarted by adding timestamps and/or sequence numbers to the messages so that Bob can recognize when old messages are being received.
Of course, this only works if Alice and Bob anticipate the attack and incorporate appropriate countermeasures into their protocol.
18 Fake encrypted messages
Even if replay attacks are ruled out, a cryptosystem that is secure against attack (1) might still permit attack (2).
There are all sorts of ways that Mallory can generate values $c'$.
What gives us confidence that Bob won't accept one of them as being valid?
19 Message-altering attacks
Attack (3) might be possible even when (1) and (2) are not.
For example, if $c_1$ and $c_2$ are encryptions of valid messages, perhaps so is $c_1 \oplus c_2$.
This depends entirely on particular properties of $E_k$ unrelated to the difficulty of decrypting a given ciphertext.
We will see some cryptosystems later that do have the property of being vulnerable to attack (3). In some contexts, this ability to do meaningful computations on ciphertexts can actually be useful, as we shall see.
20 Encrypting random-looking strings
Cryptosystems are not always used to send natural language or other highly-redundant messages.
For example, suppose Alice wants to send Bob her password to a web site. Knowing full well the dangers of sending passwords in the clear over the internet, she chooses to encrypt it instead.
Since passwords are supposed to look like random strings of characters, Bob will likely accept anything he gets from Alice.
He could be quite embarrassed (or worse) claiming he knew Alice's password when in fact the password he thought was from Alice was actually a fraudulent one derived from a random ciphertext $c'$ produced by Mallory.
21 Steganography
22 Steganography
Steganography, hiding one message inside another, is an old technique that is still in use.
For example, a message can be hidden inside a graphics image file by using the low-order bit of each pixel to encode the message.
The visual effect of these tiny changes is generally too small to be noticed by the user.
The message can be hidden further by compressing it or by encrypting it with a conventional cryptosystem.
Unlike conventional cryptosystems, steganography relies on the secrecy of the method of hiding for its security.
If Eve does not even recognize the message as ciphertext, then she is not likely to attempt to decrypt it.
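An added example, not part of the lecture: low-order-bit embedding as described on this slide, applied to a buffer of 8-bit pixel samples. The 4-byte length header, the function names and the constructed cover data are assumptions of this example.

```python
import struct


def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message in the low-order bit of successive pixel bytes.
    A 4-byte big-endian length header (this example's convention) goes first."""
    payload = struct.pack(">I", len(message)) + message
    if len(payload) * 8 > len(pixels):
        raise ValueError("cover image too small for this message")
    out = bytearray(pixels)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1   # most significant bit first
        out[i] = (out[i] & 0xFE) | bit               # overwrite only the low-order bit
    return bytes(out)


def _read_bytes(pixels: bytes, start: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the low-order bits beginning at pixel index start."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for j in range(8):
            value = (value << 1) | (pixels[start + 8 * b + j] & 1)
        out.append(value)
    return bytes(out)


def extract(pixels: bytes) -> bytes:
    """Recover the hidden message; reject buffers too short for the claimed length."""
    if len(pixels) < 32:
        raise ValueError("buffer too short to hold a length header")
    (length,) = struct.unpack(">I", _read_bytes(pixels, 0, 4))
    if 32 + 8 * length > len(pixels):
        raise ValueError("length header exceeds buffer; no message embedded this way")
    return _read_bytes(pixels, 32, length)


# Constructed cover data: 512 grayscale samples, not a real image.
COVER = bytes((37 * i + 11) % 256 for i in range(512))
```

Each pixel value changes by at most 1, which is why the slide calls the visual effect too small to notice; encrypting the message before embedding, as the slide suggests, is a separate step applied to `message`.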
23 Public-key cryptography
24 Public-key cryptography
Classical cryptography uses a single key for both encryption and decryption. This is also called symmetric or 1-key cryptography.
There is no logical reason why the encryption and decryption keys should be the same.
Allowing them to differ gives rise to asymmetric cryptography, also known as public-key or 2-key cryptography.
25 Asymmetric cryptosystems
An asymmetric cryptosystem has a pair $k = (k_e, k_d)$ of related keys, the encryption key $k_e$ and the decryption key $k_d$.
Alice encrypts a message $m$ by computing $c = E_{k_e}(m)$. Bob decrypts $c$ by computing $m = D_{k_d}(c)$.
We sometimes write $e$ instead of $k_e$ and $d$ instead of $k_d$, e.g., $E_e(m)$ and $D_d(c)$.
We sometimes write $k$ instead of $k_e$ or $k_d$ where the meaning is clear from context, e.g., $E_k(m)$ and $D_k(c)$.
In practice, it isn't generally as confusing as all this, but the potential for misunderstanding is there.
As always, the decryption function inverts the encryption function, so $m = D_d(E_e(m))$.
26 Security requirement
Should be hard for Eve to find $m$ given $c = E_e(m)$ and $e$.
The system remains secure even if the encryption key $e$ is made public! $e$ is said to be the public key and $d$ the private key.
Reason to make $e$ public: anybody can send an encrypted message to Bob. Sandra obtains Bob's public key $e$ and sends $c = E_e(m)$ to Bob. Bob recovers $m$ by computing $D_d(c)$, using his private key $d$.
This greatly simplifies key management. No longer need a secure channel between Alice and Bob for the initial key distribution (which I have carefully avoided talking about so far).
27 Man-in-the-middle attack against 2-key cryptosystem
An active adversary Mallory can carry out a nasty man-in-the-middle attack.
Mallory sends his own encryption key to Sandra when she attempts to obtain Bob's key.
Not knowing she has been duped, Sandra encrypts her private data using Mallory's public key, so Mallory can read it (but Bob cannot)!
To keep from being discovered, Mallory intercepts each message from Sandra to Bob, decrypts using his own decryption key, re-encrypts using Bob's public encryption key, and sends it on to Bob. Bob, receiving a validly encrypted message, is none the wiser.
28 Passive attacks against a 2-key cryptosystem
Making the encryption key public also helps a passive attacker.
1. Chosen-plaintext attacks are available since Eve can generate as many plaintext-ciphertext pairs as she wishes using the public encryption function $E_e()$.
2. The public encryption function also gives Eve a foolproof way to check the validity of a potential decryption. Namely, Eve can verify $D_d(c) = m_0$ for some candidate message $m_0$ by checking that $c = E_e(m_0)$.
Redundancy in the set of meaningful messages is no longer necessary for brute force attacks.
29 Facts about asymmetric cryptosystems
Good asymmetric cryptosystems are much harder to design than good symmetric cryptosystems.
All known asymmetric systems are orders of magnitude slower than corresponding symmetric systems.
30 Hybrid cryptosystems
Asymmetric and symmetric cryptosystems are often used together. Let $(E^2, D^2)$ be a 2-key cryptosystem and $(E^1, D^1)$ be a 1-key cryptosystem.
Here's how Alice sends a secret message $m$ to Bob.
- Alice generates a random session key $k$.
- Alice computes $c_1 = E^1_k(m)$ and $c_2 = E^2_e(k)$, where $e$ is Bob's public key, and sends $(c_1, c_2)$ to Bob.
- Bob computes $k = D^2_d(c_2)$ using his private decryption key $d$ and then computes $m = D^1_k(c_1)$.
This is much more efficient than simply sending $E^2_e(m)$ in the usual case that $m$ is much longer than $k$.
Note that the 2-key system is used to encrypt random strings!
31 RSA
32 Overview of RSA
Probably the most commonly used asymmetric cryptosystem today is RSA, named from the initials of its three inventors, Rivest, Shamir, and Adleman.
Unlike the symmetric systems we have been talking about so far, RSA is based not on substitution and transposition but on arithmetic involving very large integers, numbers that are hundreds or even thousands of bits long.
To understand why RSA works requires knowing a bit of number theory. However, the basic ideas can be presented quite simply, which I will do now.
33 RSA spaces
The message space, ciphertext space, and key space for RSA is the set of integers $\mathbf{Z}_n = \{0, \ldots, n-1\}$ for some very large integer $n$.
For now, think of $n$ as a number so large that its binary representation is 1024 bits long.
Such a number is unimaginably big. It is bigger than For comparison, the number of atoms in the observable universe 1 is estimated to be only Wikipedia, universe
34 Encoding bit strings by integers
To use RSA as a block cipher on bit strings, Alice must convert each block to an integer $m \in \mathbf{Z}_n$, and Bob must convert $m$ back to a block.
Many such encodings are possible, but perhaps the simplest is to prepend a 1 to the block $x$ and regard the result as a binary integer $m$.
To decode $m$ to a block, write out $m$ in binary and then delete the initial 1 bit.
To ensure that $m < n$ as required, we limit the length of our blocks to 1022 bits.
35 RSA key generation
Here's how Bob generates an RSA key pair.
- Bob chooses two sufficiently large distinct prime numbers $p$ and $q$ and computes $n = pq$. For security, $p$ and $q$ should be about the same length (when written in binary).
- He computes two numbers $e$ and $d$ with a certain number-theoretic relationship.
- The public key is the pair $k_e = (e, n)$. The private key is the pair $k_d = (d, n)$. The primes $p$ and $q$ are no longer needed and should be discarded.
36 RSA encryption and decryption
To encrypt, Alice computes $c = m^e \bmod n$. [2]
To decrypt, Bob computes $m = c^d \bmod n$.
Here, $a \bmod n$ denotes the remainder when $a$ is divided by $n$.
This works because $e$ and $d$ are chosen so that, for all $m$,
$m = (m^e \bmod n)^d \bmod n$. (1)
That's all there is to it, once the keys have been found. Most of the complexity in implementing RSA has to do with key generation, which fortunately is done only infrequently.
[2] For now, assume all messages and ciphertexts are integers in $\mathbf{Z}_n$.
37 RSA questions
You should already be asking yourself the following questions:
- How does one find $n$, $e$, $d$ such that equation 1 is satisfied?
- Why is RSA believed to be secure?
- How can one implement RSA on a computer when most computers only support arithmetic on 32-bit or 64-bit integers, and how long does it take?
- How can one possibly compute $m^e \bmod n$ for 1024-bit numbers? $m^e$, before taking the remainder, has size roughly ( ) = = = This is a number that is roughly bits long! No computer has enough memory to store that number, and no computer is fast enough to compute it.
38 Tools needed to answer RSA questions
Two kinds of tools are needed to understand and implement RSA.
- Algorithms: Need clever algorithms for primality testing, fast exponentiation, and modular inverse computation.
- Number theory: Need some theory of $\mathbf{Z}_n$, the integers modulo $n$, and some special properties of numbers $n$ that are the product of two primes.
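An added example, not part of the lecture: toy RSA following slides 34 to 36, using square-and-multiply exponentiation that reduces mod n after every step, so no intermediate value is ever wider than twice the length of n (the concern raised on slide 37). It assumes that d is the inverse of e modulo (p-1)(q-1), which the slides leave as "a certain number-theoretic relationship", and uses e = 65537 with two small known primes picked for this example; all names are this example's own and the key size is far too small for real use.

```python
# Toy parameters, constructed for this example (about 125-bit modulus).
P = 2**61 - 1      # a known Mersenne prime
Q = 2**64 - 59     # the largest prime below 2^64
E_PUB = 65537


def keygen(p=P, q=Q, e=E_PUB):
    """Return (public, private) = ((e, n), (d, n)).
    Assumption of this example: d is the inverse of e modulo (p-1)(q-1)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (e, n), (d, n)


def modexp(base: int, exp: int, n: int):
    """Square-and-multiply, scanning exp from its top bit and reducing mod n each step.
    Returns (base^exp mod n, bit length of the widest intermediate product)."""
    base %= n
    result, widest = 1, 0
    for bit in bin(exp)[2:]:
        t = result * result                   # square
        widest = max(widest, t.bit_length())
        result = t % n
        if bit == "1":
            t = result * base                 # multiply
            widest = max(widest, t.bit_length())
            result = t % n
    return result, widest


def block_bytes(n: int) -> int:
    """Whole bytes per block; the slides allow n.bit_length() - 2 bits (1022 of 1024)."""
    return (n.bit_length() - 2) // 8


def encode(x: bytes, n: int) -> int:
    """Slide 34: prepend a 1 bit to the block and read the result as a binary integer."""
    if len(x) > block_bytes(n):
        raise ValueError("block too long for this modulus")
    return int.from_bytes(b"\x01" + x, "big")   # same integer as a single leading 1 bit


def decode(m: int) -> bytes:
    """Delete the initial 1 bit and return the remaining bits as bytes."""
    nbits = m.bit_length() - 1
    if m < 1 or nbits % 8:
        raise ValueError("not an encoding of a whole-byte block")
    return (m - (1 << nbits)).to_bytes(nbits // 8, "big")


def encrypt(x: bytes, pub) -> int:
    e, n = pub
    return modexp(encode(x, n), e, n)[0]       # c = m^e mod n


def decrypt(c: int, priv) -> bytes:
    d, n = priv
    return decode(modexp(c, d, n)[0])          # m = c^d mod n
```

The same plaintext block always encrypts to the same integer under a given public key, which is the property behind item 2 on slide 28.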
39 Some number theory
40 Factoring: Factoring assumption
The factoring problem is to find a prime divisor of a composite number $n$.
The factoring assumption is that there is no probabilistic polynomial-time algorithm for solving the factoring problem, even for the special case of an integer $n$ that is the product of just two distinct primes.
The security of RSA is based on the factoring assumption. No feasible factoring algorithm is known, but there is no proof that such an algorithm does not exist.
41 Factoring: How big is big enough?
The security of RSA depends on $n$, $p$, $q$ being sufficiently large.
What is sufficiently large? That's hard to say, but $n$ is typically chosen to be at least 1024 bits long, or for better security, 2048 bits long.
The primes $p$ and $q$ whose product is $n$ are generally chosen to be roughly the same length, so each will be about half as long as $n$.
42 Bignums: Algorithms for arithmetic on big numbers
The arithmetic built into typical computers can handle only 32-bit or 64-bit integers. Hence, all arithmetic on large integers must be performed by software routines.
The straightforward algorithms for addition and multiplication have time complexities $O(N)$ and $O(N^2)$, respectively, where $N$ is the length (in bits) of the integers involved.
Asymptotically faster multiplication algorithms are known, but they involve large constant factor overheads. It's not clear whether they are practical for numbers of the sizes we are talking about.
43 Bignums: Big number libraries
A lot of cleverness is possible in the careful implementation of even the $O(N^2)$ multiplication algorithms, and a good implementation can be many times faster in practice than a poor one. They are also hard to get right because of many special cases that must be handled correctly!
Most people choose to use big number libraries written by others rather than write their own code.
Two such libraries that you can use in this course:
1. GMP (GNU Multiple Precision Arithmetic Library);
2. The big number routines in the openssl crypto library.
44 Bignums: GMP
GMP provides a large number of highly-optimized function calls for use with C and C++.
It is preinstalled on all of the Zoo nodes and supported by the open source community. Type "info gmp" at a shell for documentation.
45 Bignums: Openssl crypto package
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
It is widely used and pretty well debugged. The protocols require cryptography, and OpenSSL implements its own big number routines, which are contained in its crypto library.
Type "man crypto" for general information about the library, and "man bn" for specifics of the big number routines.
A Tour of Classical and Modern Cryptography Evan P. Dummit University of Rochester May 25, 2016 Outline Contents of this talk: Overview of cryptography (what cryptography is) Historical cryptography (how
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationPublic Key Cryptography and RSA
Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange
More informationChapter 3 Public Key Cryptography
Cryptography and Network Security Chapter 3 Public Key Cryptography Lectured by Nguyễn Đức Thái Outline Number theory overview Public key cryptography RSA algorithm 2 Prime Numbers A prime number is an
More informationCryptography Introduction to Computer Security. Chapter 8
Cryptography Introduction to Computer Security Chapter 8 Introduction Cryptology: science of encryption; combines cryptography and cryptanalysis Cryptography: process of making and using codes to secure
More informationCS61A Lecture #39: Cryptography
Announcements: CS61A Lecture #39: Cryptography Homework 13 is up: due Monday. Homework 14 will be judging the contest. HKN surveys on Friday: 7.5 bonus points for filling out their survey on Friday (yes,
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationMath236 Discrete Maths with Applications
Math236 Discrete Maths with Applications P. Ittmann UKZN, Pietermaritzburg Semester 1, 2012 Ittmann (UKZN PMB) Math236 2012 1 / 1 Block Ciphers A block cipher is an encryption scheme in which the plaintext
More informationApplied Cryptography and Network Security
Applied Cryptography and Network Security William Garrison bill@cs.pitt.edu 6311 Sennott Square Lecture #8: RSA Didn t we learn about RSA last time? During the last lecture, we saw what RSA does and learned
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationLecture 2. Cryptography: History + Simple Encryption,Methods & Preliminaries. Cryptography can be used at different levels
Lecture 2 Cryptography: History + Simple Encryption,Methods & Preliminaries 1 Cryptography can be used at different levels algorithms: encryption, signatures, hashing, RNG protocols (2 or more parties):
More informationMore on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017
More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017 Page 1 Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of cryptography Symmetric
More informationCOMP4109 : Applied Cryptography
COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 4 (and 5 and maybe 6) secret-key primitives symmetric-key encryption security notions and types of
More informationCRYPTOGRAPHY & DIGITAL SIGNATURE
UNIT V CRYPTOGRAPHY & DIGITAL SIGNATURE What happens in real life? We have universal electronic connectivity via networks of our computers so allowing viruses and hackers to do eavesdropping. So both the
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationClassical Encryption Techniques. CSS 322 Security and Cryptography
Classical Encryption Techniques CSS 322 Security and Cryptography Contents Terminology and Models Requirements, Services and Attacks Substitution Ciphers Caesar, Monoalphabetic, Polyalphabetic, One-time
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationActivity Guide - Public Key Cryptography
Unit 2 Lesson 19 Name(s) Period Date Activity Guide - Public Key Cryptography Introduction This activity is similar to the cups and beans encryption we did in a previous lesson. However, instead of using
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More information2 What does it mean that a crypto system is secure?
Cryptography Written by: Marius Zimand Notes: On the notion of security 1 The One-time Pad cryptosystem The one-time pad cryptosystem was introduced by Vernam and Mauborgne in 1919 (for more details about
More information10.1 Introduction 10.2 Asymmetric-Key Cryptography Asymmetric-Key Cryptography 10.3 RSA Cryptosystem
[Part 2] Asymmetric-Key Encipherment Asymmetric-Key Cryptography To distinguish between two cryptosystems: symmetric-key and asymmetric-key; To discuss the RSA cryptosystem; To introduce the usage of asymmetric-key
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationL2. An Introduction to Classical Cryptosystems. Rocky K. C. Chang, 23 January 2015
L2. An Introduction to Classical Cryptosystems Rocky K. C. Chang, 23 January 2015 This and the next set of slides 2 Outline Components of a cryptosystem Some modular arithmetic Some classical ciphers Shift
More informationUzzah and the Ark of the Covenant
Uzzah and the Ark of the Covenant And when they came to the threshing floor of Chidon, Uzzah put out his hand to take hold of the ark, for the oxen stumbled. 10 And the anger of the LORD was kindled against
More informationCryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.
Telling Secrets Secret Writing Through the Ages William Turner Department of Mathematics & Computer Science Wabash College Crawfordsville, IN 47933 Tuesday 4 February 2014 W. J. Turner Telling Secrets
More informationCS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.
CS 393 - Network Security Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA. Course Logistics Homework 2 revised. Due next Tuesday midnight. 2/26,28/02 Module 7 - Pubic Key Crypto
More informationHomework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08
Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08 This homework assignment is due Wednesday, February 13 at the beginning of lecture. Please bring a hard copy to class; either
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationLecture 2 Algorithms with numbers
Advanced Algorithms Floriano Zini Free University of Bozen-Bolzano Faculty of Computer Science Academic Year 2013-2014 Lecture 2 Algorithms with numbers 1 RSA Algorithm Why does RSA work? RSA is based
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Basic Communication Alice talking to Bob Alice Bob 2 Eavesdropping Eve listening the conversation Alice Bob 3 Secure Communication Eve listening the
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More informationRSA (algorithm) History
RSA (algorithm) RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Misconceptions Concerning Public-Key Encryption Public-key encryption is more secure from
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More information